Apr 03, 2023 - 2:03 p.m.

Security Bulletin: A vulnerability in IBM Spectrum Scale Container Native that could allow an attacker acquiring root privileges on the host (CVE-2022-41736)

2023-04-03 14:03:28
www.ibm.com
ibm spectrum scale
container native
vulnerability
root privileges
upgrade
openshift container platform

CVSS3: 8.4 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low (Percentile: 5.1%)

Summary

A security vulnerability has been identified in IBM Spectrum Scale Container Native that could allow an attacker to acquire root privileges on the host using unshare. A fix for this vulnerability is available.

Vulnerability Details

CVEID: CVE-2022-41736
**DESCRIPTION:** IBM Spectrum Scale contains an unspecified vulnerability that could allow a local user to obtain root privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/237810 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Scale Container Native Storage Access | 5.1.2.1 - 5.1.6.0 |

Remediation/Fixes

For this specific issue, upgrade to IBM Spectrum Scale Container Native v5.1.7.0 or later and OpenShift Container Platform 4.11 or higher.

<https://www.ibm.com/docs/en/scalecontainernative?topic=spectrum-scale-container-native-storage-access-517>

For IBM Spectrum Scale Container Native, see the supported upgrade paths and follow the version-specific steps to upgrade to the target version: <https://www.ibm.com/docs/en/scalecontainernative>.

Note:

  • If you are running any version of IBM Spectrum Scale container native < 5.1.5.0, you must first upgrade to 5.1.5.0 before proceeding to a higher version.
  • Non-containerized downloads of Spectrum Scale are available on FixCentral here if you’d like to uplevel the storage cluster to match the Spectrum Scale Container Native 5.1.7.0 level.

If you have issues upgrading to the specified level, contact IBM Service.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm spectrum_scale Match 5.1.
CPE Name Operator Version
ibm spectrum scale eq 5.1.
